Silver Sparrow Malware

Apple's new M1 chip quickly attracted the attention of cybercriminals who have started to develop new threats or to update old code to make it compatible with Apple's newest ARM-based chipset. After the reports of the GoSearch22 malware in mid-February, anti-virus vendors are reporting yet another malware family, which appears to be tailored to work on a system using Apple's M1 chip. The malware, dubbed Silver Sparrow, is reported to be active on over 29,000 macOS systems as of the 17th of February. However, this attack campaign appears to be missing one key component – the Silver Sparrow Malware is yet to bring any payloads to compromised systems. This means that the attacks are harmless for now, but it is probably a matter of days for the Silver Sparrow Malware's operators to introduce a working payload that can perform all sorts of tasks on compromised macOS systems.

Allegedly, a significant fraction of the systems infected by the Silver Sparrow Malware is situated in Germany, France, Canada and the United States. While the introduction of the Apple M1 chip has eliminated any old malware meant to run on macOS systems, cybercriminals only needed 2-3 months to develop threats that are able to run on Apple's ARM-based chip.

At the moment, systems infected by the Silver Sparrow Malware are pinging a Command-and-Control server every hour to check for new instructions. The implant tries to fetch a shell script from the Command and Control server and then decodes it to look for new instructions or payloads. So far, no instances of the Silver Sparrow Malware have fetched a working payload, so the purpose of the attack remains a mystery.

While the Apple M1 chip has certainly enhanced the security of macOS devices, it is clear that the protection it offers is temporary. Users of Apple computers and laptops should still invest in 3rd-party security software to make sure that they are well-protected from cyber-threats.